Data Policy

When you supply your personal details to us
they are stored and processed for the following reasons:

- We need to collect personal information
about your health (including presenting complaint and personal/family
health history) in order to provide you with the best possible treatment.
We also keep notes of your progress updates in response to treatment.
Your requesting treatment and our agreement to provide that care constitutes
a contract. You can, of course, refuse to provide the information, but
if you were to do that we would not be able to provide treatment.

- We use your GP’s name and address
in the event that we need to contact your GP including in an emergency
and because it is a mandatory requirement in the Code of Professional
Conduct of our professional organisations (Sue – FHT and Paul –
British Acupuncture Council).

- We have a “Legitimate Interest”
in collecting that information, because without it we couldn't’t
do our job effectively and safely.

- We keep accident records for any patients
or those who are involved in accidents at our clinic in accordance with
UK Health and Safety legislation including the Reporting of Injuries,
Diseases and Dangerous Occurrences Regulations (RIDDOR) to comply with
the law and to secure evidence in the event of criminal proceedings, civil
litigation, an insurance claim or complaint.

- In the event of an adverse incident occurring
to any of our patients we report the matter to the relevant regulatory
body and insurance company to enable the insurance company to deal with
any potential claims.

- Where relevant we maintain records of the
patient’s consent to treatment, or the consent of their next-of-kin
in order to be able to prove that the patient (and/or parent/guardian/next
of kin) has given informed consent to treatment to secure evidence in
the event of a civil claim, criminal prosecution, insurance claim or complaint.

- We may also think that it is important that
we can contact you in order to confirm your appointments with us or to
update you on matters related to your medical care. This again constitutes
“Legitimate Interest”, but this time it is your legitimate
interest.

- Provided we have your consent, we may occasionally
send you general health information in the form of articles, advice or
newsletters. You may withdraw this consent at any time – just let
us know by any convenient method.

- We keep a permanent attendance register
for patients attending our clinic to keep a record of when you were treated
for tax purposes and to secure potential evidence in the event of a criminal
prosecution, civil litigation, insurance claim or complaint to either
of our regulatory bodies; FHT or the British Acupuncture Council.

We have a legal obligation to retain your
records for 10 years after your most recent appointment (or age 25, if
this is longer), but after this period you can ask us to delete your records
if you wish. Otherwise, we will retain your records indefinitely in order
that we can provide you with the best possible care should you need to
see us at some future date.

Your records are stored:
• On paper, in locked filing cabinets, and the premises they are
kept in are always locked when unattended.
• Our email accounts (if you have contacted us by email, there will
be a history of that communication) - any correspondence will be deleted
once appointments are made for a consultation in the clinic. Additionally,
our email accounts are password protected. However, please be aware that
we are unable to send or receive encrypted emails so you should be aware
that any emails we send or receive may not be protected in transit. We
will also monitor any emails sent to us, including file attachments, for
viruses or malicious software. Please be aware that you have a responsibility
to ensure that any email you send us is within the bounds of the law.
• Our mobile phones. Again, any text conversations or call history
will be deleted once they reach a conclusion ie. an appointment being
made. Our phones are kept on our person at all times or in a locked building
to ensure protection of your personal data.

We will never share your data with anyone
who does not need access without your written consent. Only the following
people/agencies will have access to your data:
• Your practitioner(s) in order that they can provide you with treatment.
• with the relevant authority such as the police or a court, if
necessary for compliance with a legal obligation to which we are subject
e.g. a court order;
• with your doctor or the police if necessary to protect yours or
another person’s life;
• with the police or a local authority for the purpose of safeguarding
children or vulnerable adults
• with our regulatory bodies, or our insurance companies in the
event of a complaint or insurance claim being brought against us
• our solicitors in the event of any investigation or legal proceedings
being brought against us.

You have the right to see what personal data of yours we hold, and you
can also ask us to correct any factual errors.
Provided the legal minimum period has elapsed, you can also ask us to
erase your records.
We want you to be absolutely confident that we are treating your personal
data responsibly, and that we are doing everything we can to make sure
that the only people who can access that data have a genuine need to do
so.
In the unlikely event that your personal data is lost you have the right
to be informed. We shall also inform the Information Commissioner’s
Office in accordance with the time limits in the GDPR.
Of course, if you feel that we are mishandling your personal data in some
way, you have the right to complain.
Complaints need to be sent to the “Data Controller”. In this
case, the “Data Controller” is your practitioner. Our details
can be found on this website.

If you are not satisfied with our response,
then you have the right to raise the matter with the Information Commissioner’s
Office.